Infineon: Switch to 1.9.0 code base, add xmc7000 family support, refactor memory layer
diff --git a/boot/bootutil/src/fault_injection_hardening.c b/boot/bootutil/src/fault_injection_hardening.c
index 5e818c6..4dcbdd9 100644
--- a/boot/bootutil/src/fault_injection_hardening.c
+++ b/boot/bootutil/src/fault_injection_hardening.c
@@ -1,59 +1,52 @@
 /*
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
  *
- * Copyright (c) 2020 Arm Limited
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
  */
 
 #include "bootutil/fault_injection_hardening.h"
 
-#ifdef FIH_ENABLE_DOUBLE_VARS
-/* Variable that could be (but isn't) changed at runtime to force the compiler
- * not to optimize the double check. Value doesn't matter.
- */
-volatile int _fih_mask = FIH_MASK_VALUE;
-fih_int FIH_SUCCESS = {FIH_POSITIVE_VALUE, FIH_MASK_VALUE ^ FIH_POSITIVE_VALUE};
-fih_int FIH_FAILURE = {FIH_NEGATIVE_VALUE, FIH_MASK_VALUE ^ FIH_NEGATIVE_VALUE};
-#else
-fih_int FIH_SUCCESS = {FIH_POSITIVE_VALUE};
-fih_int FIH_FAILURE = {FIH_NEGATIVE_VALUE};
-#endif /* FIH_ENABLE_DOUBLE_VARS */
-
 #ifdef FIH_ENABLE_CFI
+fih_uint fih_cfi_ctr = FIH_UINT_INIT(0u);
 
-#ifdef FIH_ENABLE_DOUBLE_VARS
-fih_int _fih_cfi_ctr = {0, 0 ^ FIH_MASK_VALUE};
-#else
-fih_int _fih_cfi_ctr = {0};
-#endif /* FIH_ENABLE_DOUBLE_VARS */
-
-/* Increment the CFI counter by one, and return the value before the increment.
- */
-fih_int fih_cfi_get_and_increment(void)
+fih_uint fih_cfi_get_and_increment(uint8_t cnt)
 {
-    fih_int saved = _fih_cfi_ctr;
-    _fih_cfi_ctr = fih_int_encode(fih_int_decode(saved) + 1);
-    return saved;
+    fih_uint saved_ctr = fih_cfi_ctr;
+
+    if (fih_uint_decode(fih_cfi_ctr) > UINT32_MAX - cnt) {
+        /* Overflow */
+        FIH_PANIC;
+    }
+
+    fih_cfi_ctr = fih_uint_encode(fih_uint_decode(fih_cfi_ctr) + cnt);
+
+    fih_uint_validate(fih_cfi_ctr);
+    fih_uint_validate(saved_ctr);
+
+    return saved_ctr;
 }
 
-/* Validate that the saved precall value is the same as the value of the global
- * counter. For this to be the case, a fih_ret must have been called between
- * these functions being executed. If the values aren't the same then panic.
- */
-void fih_cfi_validate(fih_int saved)
+void fih_cfi_validate(fih_uint saved)
 {
-    if (fih_int_decode(saved) != fih_int_decode(_fih_cfi_ctr)) {
+    volatile int32_t rc = FIH_FALSE;
+
+    rc = fih_uint_eq(saved, fih_cfi_ctr);
+    if (rc != FIH_TRUE) {
         FIH_PANIC;
     }
 }
 
-/* Decrement the global CFI counter by one, so that it has the same value as
- * before the cfi_precall
- */
 void fih_cfi_decrement(void)
 {
-    _fih_cfi_ctr = fih_int_encode(fih_int_decode(_fih_cfi_ctr) - 1);
-}
+    if (fih_uint_decode(fih_cfi_ctr) < 1u) {
+        FIH_PANIC;
+    }
 
+    fih_cfi_ctr = fih_uint_encode(fih_uint_decode(fih_cfi_ctr) - 1u);
+
+    fih_uint_validate(fih_cfi_ctr);
+}
 #endif /* FIH_ENABLE_CFI */
 
 #ifdef FIH_ENABLE_GLOBAL_FAIL
@@ -61,10 +54,12 @@
  * compiler removing due to non-standard calling procedure. Multiple loop jumps
  * used to make unlooping difficult.
  */
-__attribute__((used))
 __attribute__((noinline))
+__attribute__((noreturn))
+__attribute__((weak))
 void fih_panic_loop(void)
 {
+    FIH_LABEL("FAILURE_LOOP");
     __asm volatile ("b fih_panic_loop");
     __asm volatile ("b fih_panic_loop");
     __asm volatile ("b fih_panic_loop");
@@ -74,5 +69,20 @@
     __asm volatile ("b fih_panic_loop");
     __asm volatile ("b fih_panic_loop");
     __asm volatile ("b fih_panic_loop");
+    while (true) {} /* Satisfy noreturn */
 }
 #endif /* FIH_ENABLE_GLOBAL_FAIL */
+
+#ifdef FIH_ENABLE_DELAY
+void fih_delay_init(void)
+{
+    /* Implement here */
+}
+
+uint8_t fih_delay_random(void)
+{
+    /* Implement here */
+
+    return 0xFF;
+}
+#endif /* FIH_ENABLE_DELAY */